Exploitationshellcodeinjectionpe-infectorwindowsevasionmetasploit

Shellter

Shellter is a dynamic shellcode injection tool and PE infector for injecting shellcode into native Windows applications. It preserves the original PE structure to evade antivirus detection.

Description

Shellter is a dynamic shellcode injection tool aka dynamic PE infector. It can be used in order to inject shellcode into native Windows applications (currently 32-bit apps only). The shellcode can be something yours or something generated through a framework, such as Metasploit.

Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification such as changing memory access permissions in sections (unless the user wants to), adding an extra section with RWE access, and whatever would look dodgy under an AV scan.

It is particularly useful for antivirus evasion techniques, as referenced in PEN-200 training materials.

How It Works

Shellter performs dynamic shellcode injection into 32-bit Windows PE files without altering the original file structure in ways that trigger AV detection, such as modifying section permissions or adding RWE sections unless explicitly requested by the user.

Installation

bash

sudo apt install shellter

Flags

-hDisplay help message

Examples

Add i386 architecture support required for wine32

dpkg --add-architecture i386

Update package lists and install wine32 dependency

apt update && apt install wine32

Launch shellter (requires wine32 installed first)

shellter

Display shellter help (may prompt for wine32 installation)

shellter -h

Complete setup command shown in shellter -h message for wine32 installation

dpkg --add-architecture i386 && apt update && apt -y install wine32

Install wine32 after adding i386 architecture

apt update && apt install wine32

Updated 2026-04-16kali.org ↗